API Keys

View as Markdown

Daytona API keys authenticate requests to the Daytona API. They are used by the Daytona SDKs and CLI to access and manage resources in your organization.

Daytona uses JWT tokens to authenticate requests and interact with the API keys endpoints programmatically. To obtain a JWT token, use the Daytona CLI to login (daytona login) and save the token to your config. The CLI saves the access token in config.json on your machine, inside the Daytona config directory. The token value is available in the api.token.accessToken field of the active profile. JWT-authenticated requests must include the X-Daytona-Organization-ID header with your organization ID.

Create an API key

Daytona provides options to create API keys in Daytona Dashboard ↗ or programmatically using the API.

Navigate to Daytona Dashboard ↗
Click the Create Key button
Enter the name of the API key, set the expiration date, and select permissions
Click Create to create the API key
Copy the API key to your clipboard

To use the API key in your application, set the DAYTONA_API_KEY environment variable. Daytona supports multiple options to configure your environment: in code, environment variables, .env file, and default values.

API keys support optional expiration and can be revoked at any time. After creation, you can only retrieve a masked key value when listing keys.

curl 'https://app.daytona.io/api/api-keys' \
  --request POST \
  --header 'X-Daytona-Organization-ID: YOUR_ORGANIZATION_ID' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer YOUR_JWT_TOKEN' \
  --data '{
  "name": "My API Key",
  "permissions": ["write:sandboxes", "delete:sandboxes"],
  "expiresAt": "2030-01-01T00:00:00.000Z"
}'

Permissions & Scopes

Resource	Scope	Description
Sandboxes	`write:sandboxes`	Create/modify sandboxes
	`delete:sandboxes`	Delete sandboxes
Snapshots	`write:snapshots`	Create/modify snapshots
	`delete:snapshots`	Delete snapshots
Registries	`write:registries`	Create/modify registries
	`delete:registries`	Delete registries
Volumes	`read:volumes`	View volumes
	`write:volumes`	Create/modify volumes
	`delete:volumes`	Delete volumes
Audit	`read:audit_logs`	View audit logs
Regions	`write:regions`	Create/modify regions
	`delete:regions`	Delete regions
Runners	`read:runners`	View runners
	`write:runners`	Create/modify runners
	`delete:runners`	Delete runners

List API keys

Daytona provides methods to list all API keys for the current user or organization.

curl 'https://app.daytona.io/api/api-keys' \
  --header 'X-Daytona-Organization-ID: YOUR_ORGANIZATION_ID' \
  --header 'Authorization: Bearer YOUR_JWT_TOKEN'

Get current API key

Daytona provides methods to get details of the API key used to authenticate the current request.

curl 'https://app.daytona.io/api/api-keys/current' \
  --header 'X-Daytona-Organization-ID: YOUR_ORGANIZATION_ID' \
  --header 'Authorization: Bearer YOUR_API_KEY'

Get API key

Daytona provides methods to get a single API key by name.

curl 'https://app.daytona.io/api/api-keys/my-api-key' \
  --header 'X-Daytona-Organization-ID: YOUR_ORGANIZATION_ID' \
  --header 'Authorization: Bearer YOUR_JWT_TOKEN'

Delete API key

Daytona provides options to delete an API key in Daytona Dashboard ↗ or programmatically using the API. The key is revoked immediately and cannot be recovered.

Navigate to Daytona Dashboard ↗
Click Revoke next to the API key you want to delete
Confirm the revocation

curl 'https://app.daytona.io/api/api-keys/my-api-key' \
  --request DELETE \
  --header 'X-Daytona-Organization-ID: YOUR_ORGANIZATION_ID' \
  --header 'Authorization: Bearer YOUR_JWT_TOKEN'

Delete API key for user

Daytona provides options for organization admins to delete an API key for a specific user.

curl 'https://app.daytona.io/api/api-keys/{userId}/my-api-key' \
  --request DELETE \
  --header 'X-Daytona-Organization-ID: YOUR_ORGANIZATION_ID' \
  --header 'Authorization: Bearer YOUR_JWT_TOKEN'